monit-general

Re: security advisory - which release?


From: Jan-Henrik Haukeland
Subject: Re: security advisory - which release?
Date: Sat, 10 Apr 2004 23:14:45 +0200
User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Reasonable Discussion, linux)

Rick Robino <address@hidden> writes:

> Just noticed the security advisory, been pretty busy for a while here -
> I must have missed which release(s) the advisory applies to?  Just 4.2
> or earlier ones as well?  TIA.

Unfortunately earlier ones also (see the CHANGE log). All known
vulnerabilities are plugged in the current 4.2.1 release and you
should upgrade to this version.  It may be that some 3.x releases do
not have the Basic Auth. bug but they still have other vulnerabilities.
The safest is to upgrade to 4.2.1 which is the most hardened release
to date.

To be on the safe side (although I think it's safe now) you should
only run monit http bound to the loopback interface (so it's only
reachable from localhost) or run monit behind a firewall or simply
turn off the http interface, although this reduces functional
interaction with monit.

-- 
Jan-Henrik Haukeland
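
An added example (not part of the original message and not code from the monit project): a small Python check that reads a monit control file and reports whether the http interface is turned off, bound to loopback, or reachable on other interfaces, matching the mitigation suggested above. It assumes the `set httpd port ... use address ...` control-file syntax; the sample files and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample control files (not taken from the thread).
EXPOSED = """
set daemon 120
set httpd port 2812          # no "use address": listens on every interface
    allow admin:monit
check process sshd with pidfile /var/run/sshd.pid
"""
LOOPBACK = """
set daemon 120
set httpd port 2812 and
    use address localhost    # only reachable from the local host
    allow localhost
    allow admin:monit
"""
DISABLED = "set daemon 120\n"    # no "set httpd" statement at all

def httpd_bind_address(monitrc):
    """Return the httpd bind address, "*" if none is given, None if httpd is off."""
    # Assumption: '#' starts a comment and never appears inside a quoted string.
    tokens = re.sub(r"#.*", "", monitrc).split()
    for i in range(len(tokens) - 1):
        if tokens[i].lower() == "set" and tokens[i + 1].lower() == "httpd":
            for j in range(i + 2, len(tokens)):
                word = tokens[j].lower()
                if word in ("set", "check", "include"):   # next statement begins
                    break
                if word == "address" and j + 1 < len(tokens):
                    return tokens[j + 1].strip('"')
            return "*"
    return None

def is_loopback(addr):
    # Assumption: the name "localhost" resolves to a loopback address on this host.
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False          # "*" or any other hostname: treat as not loopback

def audit(monitrc):
    """Classify the http interface as 'disabled', 'loopback' or 'exposed'."""
    addr = httpd_bind_address(monitrc)
    if addr is None:
        return "disabled"
    return "loopback" if is_loopback(addr) else "exposed"

if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("LOOPBACK", LOOPBACK), ("DISABLED", DISABLED)):
        print(name, "->", audit(cfg))
```

An "exposed" result only describes the bind address; a host firewall in front of monit, the other option mentioned above, is outside what this check can see.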



